Getting Red Hat 9 to Work With Kerberos

Kerberos RPMs we need

krb5-workstation

krb5-libs

pam_krb5

iptables configuration

Network Ports

ftp           21/tcp           # Kerberos ftp and telnet use the
telnet        23/tcp           # default ports
kerberos      88/udp    kdc    # Kerberos V5 KDC
kerberos      88/tcp    kdc    # Kerberos V5 KDC
klogin        543/tcp          # Kerberos authenticated rlogin
kshell        544/tcp   cmd    # and remote shell
kerberos-adm  749/tcp          # Kerberos 5 admin/changepw
kerberos-adm  749/udp          # Kerberos 5 admin/changepw
krb5_prop     754/tcp          # Kerberos slave propagation
eklogin       2105/tcp         # Kerberos auth. & encrypted rlogin
krb524        4444/tcp         # Kerberos 5 to 4 ticket translator

Q: Why doesn't dce.buffalo.edu show up in DNS?
A: It's the realm, not a machine.

Notes

KDC is kerb1.acsu.buffalo.edu.

Realm is dce.buffalo.edu

After making changes to /etc/krb5.conf, reboot.

We need to configure PAM so that Kerberos is first and required for authentication.

Links

MIT Kerberos Page

Frequently Asked Questions about Kerberos

The Moron's Guide to Kerberos, Version 1.2.2

How To Kerberize your site

Kerberos V5 System Administrator's Guide